If you put "VerifyReverseMapping no" in your sshd configuration file, you won't see these messages. Having VerifyReverseMapping turned on is of dubious value anyway. From http://www.webservertalk.com/message446383.html
As for the rest of it - sounds like faxserver is basically having DNS problems. I assume that 192.168.1.18 and .19 are fidelo and admin, and are running bind9 correctly (ie, other machines can look up DNS stuff) ? Is this network connected to the net? Or is it isolated? These machines are all linux boxes right? Could it be a missing dot in the bind config files? Or spaces instead of tabs? Some of those are hideously hard to trace. Also - check in ifconfig that the lo interface is up. I've seen excessive weirdness when some smartarse has done a ifconfig lo down Do you use NFS or NIS ? -----Original Message----- From: David Kirk [mailto:[EMAIL PROTECTED] Sent: Monday, 1 November 2004 2:18 p.m. To: [EMAIL PROTECTED] Subject: Reverse DNS Lookups from SuSE 9.1 When I remotely access the server with ssh, I type in my user name and then have to wait about 20 seconds for the password prompt. This is what /var/log/messages says about it: Nov 1 12:53:50 faxserver sshd[17147]: reverse mapping checking getaddrinfo for david.chchcasino.local failed - POSSIBLE BREAKIN ATTEMPT! I run yast and select Network Services -> DNS and Host Name. The host name and domain name are faxserver.chchcasino.local. Name Server 1 and 2 show the IP addresses of our DNS servers and Domain Search 1 shows chchcasino.local. And just to be sure: [EMAIL PROTECTED]:~> cat /etc/resolv.conf nameserver 192.168.1.18 nameserver 192.168.1.19 search chchcasino.local So, I do a lookup on david.chchcasino.local: [EMAIL PROTECTED]:~> dig david.chchcasino.local ; <<>> DiG 9.2.3 <<>> david.chchcasino.local ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21462 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;david.chchcasino.local. IN A ;; ANSWER SECTION: david.chchcasino.local. 86400 IN A 192.168.1.81 ;; AUTHORITY SECTION: chchcasino.local. 86400 IN NS fidelio.chchcasino.local. chchcasino.local. 86400 IN NS admin.chchcasino.local. ;; ADDITIONAL SECTION: fidelio.chchcasino.local. 86400 IN A 192.168.1.18 admin.chchcasino.local. 86400 IN A 192.168.1.19 ;; Query time: 3 msec ;; SERVER: 192.168.1.18#53(192.168.1.18) ;; WHEN: Mon Nov 1 13:15:20 2004 ;; MSG SIZE rcvd: 146 and a reverse lookup on my IP address: [EMAIL PROTECTED]:~> dig -x 192.168.1.81 ; <<>> DiG 9.2.3 <<>> -x 192.168.1.81 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62387 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;81.1.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 81.1.168.192.in-addr.arpa. 86400 IN PTR david.chchcasino.local. ;; AUTHORITY SECTION: 168.192.IN-ADDR.ARPA. 86400 IN NS fidelio.chchcasino.local. 168.192.IN-ADDR.ARPA. 86400 IN NS admin.chchcasino.local. ;; ADDITIONAL SECTION: fidelio.chchcasino.local. 86400 IN A 192.168.1.18 admin.chchcasino.local. 86400 IN A 192.168.1.19 ;; Query time: 3 msec ;; SERVER: 192.168.1.18#53(192.168.1.18) ;; WHEN: Mon Nov 1 13:16:03 2004 ;; MSG SIZE rcvd: 173 That all looks good to me. But it gets worse. Hylafax also wants to do reverse lookups. If I use WHFC (the Windows Hylafax Client), or telnet to faxserver on port 4559, I get the 20 second delays and the following error message in /var/log/messages: Nov 1 12:56:11 faxserver HylaFAX[17172]: <--- 130 Warning, no inverse address mapping for client host name "david.chchcasino.local". And worse still, postfix can't find our internal mail server. Here is what mailq says: B76E7A441 701 Fri Oct 29 16:23:54 [EMAIL PROTECTED] ([mail.chchcasino.local]: Name or service not known) [EMAIL PROTECTED] But I say it is there: [EMAIL PROTECTED]:~> dig -t mx chchcasino.local ; <<>> DiG 9.2.3 <<>> -t mx chchcasino.local ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10386 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3 ;; QUESTION SECTION: ;chchcasino.local. IN MX ;; ANSWER SECTION: chchcasino.local. 86400 IN MX 10 mail.chchcasino.local. ;; AUTHORITY SECTION: chchcasino.local. 86400 IN NS fidelio.chchcasino.local. chchcasino.local. 86400 IN NS admin.chchcasino.local. ;; ADDITIONAL SECTION: mail.chchcasino.local. 86400 IN A 192.168.1.13 fidelio.chchcasino.local. 86400 IN A 192.168.1.18 admin.chchcasino.local. 86400 IN A 192.168.1.19 ;; Query time: 4 msec ;; SERVER: 192.168.1.18#53(192.168.1.18) ;; WHEN: Mon Nov 1 13:23:07 2004 ;; MSG SIZE rcvd: 145 So, after all that, does anyone know why dig can see all that stuff but sshd, hylafax and postfix can't? If I add myself in to /etc/hosts, sshd and hylafx all work at normal speeds. While writing this e-mail, I also tried to ping some of these hosts. It turns out that I can ping the IP addresses, but not the host names: [EMAIL PROTECTED]:~> ping -c 1 david.chchcasino.local ping: unknown host david.chchcasino.local [EMAIL PROTECTED]:~> ping -c 1 192.168.1.81 PING 192.168.1.81 (192.168.1.81) 56(84) bytes of data. 64 bytes from 192.168.1.81: icmp_seq=1 ttl=128 time=0.354 ms --- 192.168.1.81 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.354/0.354/0.354/0.000 ms Very strange. dig (and host and nslookup) can do DNS lookups, but nothing else can. The same thing happens when I telnet to the mail server on port 25. I can telnet 192.168.1.13 25 but not mail.chchcasino.local 25.
